<?php

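echo "<p>Sending Suggestion...";

/*
 * Assemble the data-modifying SQL statement for the requested change ($sql)
 * together with an HTML summary of it ($short_desc, $long_desc). The
 * INSERT/DELETE/UPDATE text is only built here, not run; the delete and
 * update branches do run a SELECT to capture the current row for the summary.
 *
 * NOTE(review): $tableName, $fields, $result, $plain and $editData_link are
 * defined outside this file. $tableName is interpolated as an SQL identifier
 * and into HTML without quoting or escaping; confirm it is checked against a
 * fixed list of table names before this script runs.
 *
 * NOTE(review): every value taken from $plain or from a $_POST key is passed
 * through mysql_real_escape_string() before it is placed inside quotes. This
 * assumes the values arrive unescaped; if magic_quotes_gpc or an earlier step
 * already escapes them, remove that earlier escaping rather than this one.
 */

// Keep an error flag set earlier in the request; otherwise start clean so the
// checks below never read an undefined variable.
if (!isset($error_exists)) {
    $error_exists = false;
}

/* User wants to add data */
if (isset($_POST['Submit']) && ($_POST['Submit']=='Add Data' || $_POST['Submit']=='Make Copy')) {

    // Column list. Field 0 is left out of the INSERT (presumably an
    // auto-generated key; confirm against the schema).
    $sql = "INSERT INTO $tableName (";
    for ($i=1; $i < $fields; $i++) {
        if ($i!=1) {
            $sql .= ", ";
        }
        $name = mysql_field_name($result, $i);
        $sql .= $name;
    }

    // Value list: empty input is stored as NULL, everything else as an
    // escaped, quoted string.
    $sql .= ") VALUES (";
    for ($i=1; $i < $fields; $i++) {
        if ($i!=1) {
            $sql .= ", ";
        }
        if ($plain[$i]!="") {
            $sql .= "'" . mysql_real_escape_string($plain[$i]) . "'";
        } else {
            $sql .= "NULL";
        }
    }
    $sql .= ")";

    $short_desc = "Adding record to <a href='$editData_link?data=$tableName'>$tableName</a>";

    // Summary table: two name/value pairs per row.
    $long_desc = "<thead><tr><td colspan=\"4\">Adding New Record to $tableName</td></tr></thead><tbody>\n";
    for ($i=1; $i<$fields; $i++) {
        if ($i % 2 == 1) {
            if ($i != 1) {
                $long_desc .= "</tr>\n";
            }
            $long_desc .= "<tr>";
        }
        $long_desc .= "<td class=\"field-name\">".mysql_field_name($result, $i)."</td>";
        $long_desc .= "<td>".htmlspecialchars($plain[$i])."</td>";
    }
    // Close the last row, padding it with an empty pair when it is half full.
    if ($fields % 2 == 1) {
        $long_desc .= "</tr>\n";
    } else {
        $long_desc .= "<td></td><td></td></tr>\n";
    }
    $long_desc .= "</tbody>\n";

/* User wants to delete data */
} else if (isset($_POST['DeleteSelected']) && $_POST['DeleteSelected']=='Delete Selected') {

    // Start from an empty statement: the original bare "$sql;" did not reset
    // the variable, so any earlier content of $sql would have been prepended.
    $sql = "";
    $long_desc = "<thead><tr><td colspan=\"4\">Deleting Records from $tableName</td></tr></thead>\n";
    $num = 0;

    // foreach does not depend on the array's internal pointer the way each() does.
    foreach ($_POST as $key => $value) {
        if (substr($key,0,7)=='delete_' && $value=='Yes') {
            $num++;

            // The record id is part of a request parameter NAME, which is
            // attacker-controlled just like a value: escape before quoting.
            $record_id = mysql_real_escape_string(substr($key,7));
            $key_field = mysql_field_name($result, 0);

            $sql .= "DELETE FROM $tableName WHERE " . $key_field . "='" . $record_id . "'; ";

            // Fetch the row as it is now so the summary shows what would be removed.
            $result3 = mysql_query("SELECT * FROM $tableName WHERE " . $key_field . "='" . $record_id . "'");
            $plain2 = $result3 ? mysql_fetch_array($result3) : false;

            $long_desc .= "<tbody>";
            for ($i=1; $i<$fields; $i++) {
                if ($i % 2 == 1) {
                    if ($i != 1) {
                        $long_desc .= "</tr>\n";
                    }
                    $long_desc .= "<tr>";
                }
                $long_desc .= "<td class=\"field-name\">".mysql_field_name($result, $i)."</td>";
                $long_desc .= "<td>".htmlspecialchars($plain2[$i])."</td>";
            }
            // Close the last row the same way the add branch does; the
            // original left it open.
            if ($fields % 2 == 1) {
                $long_desc .= "</tr>\n";
            } else {
                $long_desc .= "<td></td><td></td></tr>\n";
            }
            $long_desc .= "</tbody>\n";
        }
    }
    $short_desc = "Deleting records ($num) from <a href='$editData_link?data=$tableName'>$tableName</a>";

/* User wants to update data */
} else if (isset($_POST['Submit']) && $_POST['Submit']=='Update Data') {

    $long_desc = "<thead><tr><td colspan=\"2\">Old version of record in $tableName</td><td colspan=\"2\">New version of record in $tableName</td></tr></thead><tbody>\n";

    // Field 0 identifies the record; escape it once and reuse it for the
    // lookup and for the WHERE clause of the UPDATE.
    $record_id = mysql_real_escape_string($plain[0]);
    $key_field = mysql_field_name($result, 0);

    // Current row, shown next to the submitted values in the summary.
    $result3 = mysql_query("SELECT * FROM $tableName WHERE " . $key_field . "='" . $record_id . "'");
    $plain2 = $result3 ? mysql_fetch_array($result3) : false;

    $sql = "UPDATE $tableName SET ";
    for ($i=0; $i< $fields; $i++) {
        if ($i!=0) {
            $sql .= ", ";
        }
        $name = mysql_field_name($result, $i);

        // Highlight changed fields. Compare as strings so numeric-looking
        // values such as "1.0" and "1" are not treated as equal.
        $class = "";
        if ((string)$plain2[$i] !== (string)$plain[$i]) {
            $class = " class=\"error-message\"";
        }
        $long_desc .= "<tr$class><td class=\"field-name\">".$name."</td><td>".htmlspecialchars($plain2[$i])."</td>\n";
        $long_desc .= "<td class=\"field-name\">".$name."</td><td>".htmlspecialchars($plain[$i])."</td></tr>\n";

        // Empty input is rejected for NOT NULL columns and stored as NULL otherwise.
        if (($plain[$i] == "") && (strpos(mysql_field_flags($result, $i), "not_null")!==false)) {
            $error_field = $name;
            $error_exists = true;
        } else if ($plain[$i] == "") {
            $sql .= $name . "=NULL";
        } else {
            $sql .= $name . "='" . mysql_real_escape_string($plain[$i]) . "'";
        }
    }

    // On a validation error, rewrite the submitted action to the edit mode
    // named by the "input" query parameter.
    if ($error_exists==true) {
        if (isset($_GET['input']) && $_GET['input'] == 'plain') {
            $_POST['Submit'] = 'Plain Text Edit';
        } else {
            $_POST['Submit'] = 'Form Edit';
        }
    }

    $sql .= " WHERE " . $key_field . "='" . $record_id . "'";
    $short_desc = "Updating record in <a href='$editData_link?data=$tableName'>$tableName</a>";
    $long_desc .= "</tbody>";
}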

//echo "<p>".$sql."</p>";
//echo "<p>".$short_desc."</p>";
//echo "<table border=\"1\">".$long_desc."</table>";

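/*
 * Record the suggested change in the `changes` table: the assembled SQL
 * statement, its HTML summary, today's date and the session user name.
 *
 * The escaping below protects only this INSERT. The Query column stores a
 * complete SQL statement as text; whatever later reads that column and runs
 * it (not visible in this file) executes the statement as it was built, so
 * the values inside it must already be safely quoted at build time.
 */
$change_recorded = false;

// Only record when no validation error was flagged and a statement and its
// descriptions were actually built; empty()/isset() also avoid reading
// variables that were never set when no action matched.
if (empty($error_exists) && isset($sql, $long_desc, $short_desc) && $sql != "") {
    // NOTE(review): an absent session name is stored as an empty string, as
    // before; confirm that an authenticated session is enforced upstream.
    $username = isset($_SESSION['name']) ? $_SESSION['name'] : "";

    $sql = "INSERT INTO changes (Query, HTMLDescription, ShortDescription, ChangeDate, Username) VALUES ('"
        . mysql_real_escape_string($sql) . "', '"
        . mysql_real_escape_string($long_desc) . "', '"
        . mysql_real_escape_string($short_desc) . "', '"
        . date("Y/m/d") . "', '"
        . mysql_real_escape_string($username) . "')";

    $change_recorded = mysql_query($sql);
}

if ($change_recorded) {
    echo "...Done</p>";
} else {
    echo "</p><p class=\"error-message\">Error: Unable to send change. Please review change and try again. </p>\n";
}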

?>
